enterprisesecuritymag

CELs 2021 business and technology prediction

By Shoichiro Tanaka, Founder & CEO, CEL LTD.

Cybersecurity market in Japan grows with law enforcement. The Basic Act on Cybersecurity was established in 2014 that clarifies the responsibilities of the national and local governments. The amendment in 2018 aims to ensure cybersecurity while Japan hosts the Tokyo Olympics & Paralympics in 2020. Under the amended Act, the government will set up a council that discusses the promotion of cybersecurity measures. The council will consist of national government agencies, local governments, critical information infrastructure operators, cyberspace-related business entities, and educational and research institutions.

After that law enforcement, METI (Ministry of Economy, Trade and Industry) started organizational certification for security vendors in 2018, that follows UK CREST. There is 4 type of information security vendors that government give the certification: Security audit, Vulnerability assessment, Digital forensic, Security monitoring. (e.g., CEL got VA certification of METI)

Japan security industry always follows global standards.

Following CISSP or CEH, government started national security personnel certification in 2016: “Registered Information Security Specialist“.

Following GDPR, penalties for personal information leakage by Japan privacy law (Act on the Protection of Personal Information) had been strengthened in 2020.

CEL’s intelligence team follows thus law trend, as well as technology and business trend. As we focus on mainly Asian security market, we have 100+ critical infrastructure company customers in Japan and handling 300+ security assessment projects in a year: Automotive, Manufacturing, Bank, Energy, Construction, Oil & Gas, and Government.

Here we illustrate the market problem and opportunity.

1.Secure SDLC

Our customer always worrying about security skill shortage of app developers. Security knowledge is needed early stage in software development lifecycle. If you do not engage security engineers into the team during early development stage, then the project will be delayed because of the security problem.

2.False positives in network security

Some of our manufacturing customers are experiencing 1000 alert in a day. 99.9% of them are false positive. Even they had implemented Antivirus, Firewall, EDR tools, SIEM tools, they are worrying about how to utilize that tools with limited inhouse security staffs. Almost all national clients now depend on security outsourcing staffing company for that demand.

3.Talent skills mapping and evaluation criteria

Skills and staff shortage exist even in government and large enterprise. CIO and CISO should illustrate what types of talent is needed. But this is the most difficult question. They should clarify skills requirement and talent development plan. Additionally, they have to have evaluation criteria for inhouse security staff and outside vendors. Usually, CEL use international security standards like ISO27001, US NIST or local standards for making organizational and personnel skill building.

CEL’s basic differentiation is a hybrid solution of AI and specialists for these 3 major problems. We think these 3 major problems will be more and more in 2021. CEL is continuously hiring and delivering security consultants, engineers, lawyers.